Date: Sun, 1 Jan 2012 15:55:26 +0000
From: Alex Sicamiotis <alekshs@...mail.com>
To: <john-users@...ts.openwall.com>
Subject: RE: John as a wordlist creator


> >
> > for example
> >
> > guesses: 2  time: 0:00:21:43 7%  c/s: 7991K  trying: Alex2194 - Alekshs2
> > guesses: 2  time: 0:00:22:48 7%  c/s: 8006K  trying: Giannis2 - Giannhs2
> > guesses: 2  time: 0:00:23:17 7%  c/s: 8008K  trying: Alex2521 - Alekshs2
> >
> > Alekshs2 appeared a few hundred times, and that means it has been tried a few million times :P
> 
> 
> This is caused by the hash type being limited to password length 8, and 
> the rules you used were not taking this into account.
> 
> I guess the rules appended 4 digits (possibly after capitalizing the word).
> 

Yep... it was in the XXXX digits added.

> So, with more sophisticated rules you can reduce the risk of producing 
> duplicate password candidates.
> (You can not avoid duplicates, because this also depends on your input 
> word list. IF you have a rule which replaces all vowels with '*', 
> different input words can be converted into the same password candidate.)
> 
> Regards,
> Frank

Basically, and despite seeing that many korelogic rules were potentially overlapping, I merged all of them under a single entry, using them with a self-compiled list of common greek names. The rule list was pretty extensive so the thought of tweaking each rule was not really contemplated - I chose to waste cpu time, instead of my time.... Thus I used the ruleset for a few names, and it threw up something like 15-20 passwords within a couple of hours. As it proved, they were mostly names + initials of surnames attached, plus some kind of twist, like birthyear, a symbol or a number. This then gave me some more ideas about extracting rules from the ruleset, modifying them and applying them in a much more limited fashion than 10 million rules.

One of the funnier things is, when I tried to copy the john directory to another directory to try something new (I have like 50 or 60 directories of john, each with different .confs, chrs etc - I'm starting to lose track of what I'm doing in each one) and it was more than 1 gig... I was like "hmm, what happened?"... then I realised that the ruleset was so enormous that it was generating GIGABYTES in john.log, heh.

Thanks for the tips.
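The duplicate-candidate effect Frank describes (a rule appending four digits to a name, with the hash type truncating every candidate to 8 characters, so "Alekshs2" is tried once per trailing three-digit combination) can be measured before burning CPU on it. The script below is an added illustration, not code from the thread or from John the Ripper: it models the rule as capitalize-then-append-digits, models the hash type as plain truncation at 8 characters, and runs both the naive rule and a length-aware variant over a constructed four-name wordlist (not the author's Greek-name list). The rule semantics and the truncation model are assumptions made for the example.

```python
"""Measure how many duplicate candidates a digit-appending rule produces
once a length-limited hash type truncates them (added example)."""
from collections import Counter
from itertools import product

# Assumption: the hash type in the thread keeps only the first 8 characters
# of every candidate, which is modelled here as plain string truncation.
MAX_LEN = 8

# Constructed sample wordlist, standing in for the Greek-name list in the thread.
WORDS = ["alex", "alekshs", "giannis", "giannhs"]


def naive_rule(word, ndigits=4):
    """Capitalize and append every ndigits-digit string, as the thread guesses
    the rule did ('c' followed by four '$[0-9]' appends, in John rule terms)."""
    cap = word.capitalize()
    for digits in product("0123456789", repeat=ndigits):
        yield cap + "".join(digits)


def length_aware_rule(word, max_len=MAX_LEN, max_digits=4):
    """Append only as many digits as still fit within max_len, so that no
    truncated candidate is ever produced twice for the same input word."""
    cap = word.capitalize()
    room = max_len - len(cap)
    if room <= 0:
        yield cap
        return
    for digits in product("0123456789", repeat=min(room, max_digits)):
        yield cap + "".join(digits)


def truncate(candidate, max_len=MAX_LEN):
    """What the cracker actually hashes for a length-limited format."""
    return candidate[:max_len]


def count_duplicates(words, rule):
    """Return (candidates generated, Counter of truncated candidate -> times tried)."""
    total = 0
    tried = Counter()
    for word in words:
        for candidate in rule(word):
            total += 1
            tried[truncate(candidate)] += 1
    return total, tried


def wasted_fraction(words, rule):
    """Fraction of generated candidates that were repeats of an earlier one."""
    total, tried = count_duplicates(words, rule)
    return 1 - len(tried) / total


if __name__ == "__main__":
    for name, rule in (("naive", naive_rule), ("length-aware", length_aware_rule)):
        total, tried = count_duplicates(WORDS, rule)
        worst, times = tried.most_common(1)[0]
        print(f"{name}: generated {total}, distinct {len(tried)}, "
              f"worst offender {worst!r} tried {times} times, "
              f"wasted {wasted_fraction(WORDS, rule):.1%}")
```

With the naive rule the 7-letter names collapse to 10 distinct candidates each ("Alekshs0" to "Alekshs9"), each tried 1000 times, while the 4-letter name gets its full 10000; the length-aware rule produces the same distinct set with nothing repeated. In john.conf the equivalent is to guard the digit appends with the rule engine's length-reject commands (`<N`, `>N`) so that a word which has already reached the format's maximum length gets fewer digits; the exact rule lines depend on your configuration and are not shown in the thread. Note that this only removes duplicates caused by one rule; as Frank points out, different input words mapped to the same candidate by a rule still have to be handled in the wordlist itself.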
